say what?

     The Web is an increasingly unfriendly place. According to a study by Google released last February, 5% of 60 million Web sites analyzed were found to have malicious software that could be invisibly downloaded onto users’ computers. In April, an attack seeming to originate in China demonstrated just how many innocent sites are also vulnerable to cybercriminals’ influence: More than 500,000 sites were hacked and corrupted with malware that infects visitors. That attack used just one of the many tricks at a hacker’s disposal for stealing information from a Web site or planting invisible malware.

    SQL Injection

    SQL injection plays on a simple problem: A Web page’s input fields often fail to distinguish between innocent user data–information like names or dates–and malicious commands. When a hacker’s hidden instructions are entered into a Web site’s input forms, the site may confuse them with user data and pull the commands into its Structured Query Language (SQL) database, where they can become integrated into the database’s code. That lets the hacker access the site’s data or add commands to the page so as to infect a visitor with malicious software. A survey of major Web sites by the Web security firm White Hat Security found that 16% of sites were vulnerable to this tactic.

    Cross-Site Scripting

    About 65% of the major sites surveyed by security analysts White Hat Security are vulnerable to an attack called cross-site scripting, which allows a disturbing upgrade to phishing attacks. The typical phisher e-mails users a link that brings them to a fraudulent site, conning them into sharing credit card information or other sensitive data. In a cross-site scripting attack, the link instead folds hidden command into a destination site’s code. That means even a legitimate page can be secretly tweaked so that when a user enters bank codes or other sensitive information, the data ends up in the hands of the phisher. The threat of cross-site scripting is yet another reason to watch out for links in unfamiliar e-mails.

    Cross-Site Request Forgery

    Cross-site request forgery, sometimes known as "sidejacking," takes advantage of a vulnerability that’s common to password-protected Web pages. When a user logs in to a private site, his or her identity is marked with a "cookie"–a temporary file downloaded to a user’s browser. But if that user can be tricked into visiting a malicious site while still logged in to that password-protected page, the second site can secretly steal his or her cookies, and with them, the user’s access to the first site’s private information.

    Google Hacking

    About two out of every three Web searches starts at Google. So, it seems, do many attacks on Web sites. "Google hacking" uses the search engine to probe the entire Web for sensitive information or hackable vulnerabilities in code. Just by entering the right search string, for instance, hackers are sometimes able to find repositories of credit card information or social security numbers stored on the Web. In April, an attack seeming to originate in China used Google to probe the Web for sites vulnerable to a certain strain of SQL injection, targeting more than half a million pages and infecting them with malicious software.

    Forced Browsing

    In some cases, "hacking" a Web site is as simple as changing a single digit in a Web address. By shifting the characters in a page’s address that refers to a name or date, a malicious user can sometimes gain access to pages he or she isn’t intended to see, a process security professionals call "forced browsing." In 2006, Phil Angelides, a Democratic contender in the California gubernatorial campaign, was accused of hacking rival Arnold Schwarzenegger’s Web site and obtaining a confidential audio file. But a source close to the Democratic campaign told News.com that Angelides’ aides had merely tampered with a URL to find the file.

    Timing Attacks

    As much as Web sites try to hide their inner workings from hackers, some pages reveal information in signs as subtle as how quickly they load. Security researchers have shown that software that guesses random usernames on a Web application’s login page sometimes reveals which usernames are valid even without a password–that’s because a valid username causes the site to pause for a slightly shorter time than an incorrect username would. In some cases, spammers can use that simple trick to collect thousands of valid e-mail addresses, which they then target with spam. In a 2005 issue of the hacker magazine 2600, another researcher revealed how to use timing analysis to determine the dealer’s hand in an online blackjack gambling site.

         Captcha Breaking

One major challenge for security professionals is telling humans from software "bots" on the Web. In a webmail service, for instance, users are shown a "captcha," a distorted word or image, and asked to identify the text or picture. The goal is to foil software designed to sign up for accounts for the purpose of churning out spam. But in some cases, spammers have beaten the countermeasure by creating sites that enlist users to solve captchas by the hundreds in exchange for pornographic images. Google’s Gmail captcha was the latest victim of cybercriminals. Because the site offers an audio function that reads captchas aloud for blind users, hackers were able to use speech-to-text software to defeat the test automatically

    Distributed Denial Of Service

    Sometimes a hacker’s goal isn’t to steal information or infect users with malicious software but rather to a shut down a site altogether. In those cases, cybercriminals often employ distributed denial of service attacks, a technique that floods a Web server with requests for information and overwhelms it. Using botnets, armies of unsuspecting computers hijacked with invisible software, cybercriminals can vastly multiply the size of their attacks and also mask their origins.

        Lawrence Kutner and Cheryl Olson, a husband-and-wife team at Harvard Medical School, detail their views in "Grand Theft Childhood: The Surprising Truth About Violent Video Games and What Parents Can Do", which came out last month and promises to reshape the debate on the effects of video games on kids. People should realize that there is no data to support the simple-minded concerns that video games cause violence.

      The pair reached that conclusion after conducting a two-year study of more than 1,200 middle-school children about their attitudes towards video games. It was a different approach than most other studies, which have focused on laboratory experiments that attempt to use actions like ringing a loud buzzer as a measure of aggression.They found that playing video games was a near-universal activity among children, and was often intensely social. But the data did show a link between playing mature-rated games and aggressive behavior. The researchers found that 51 percent of boys who played M-rated games — the industry’s equivalent of an R-rated movie, meaning suitable for ages 17 and up — had been in a fight in the past year, compared to 28 percent of non-M-rated gamers.

        The pattern was even stronger among girls, with 40 percent of those who played M-rated games having been in a fight in the past year, compared to just 14 percent for non-M players.The researchers also try to place video games in a larger context of popular culture. The anxiety many parents voice over video games largely mirrors the concerns raised when movies, comic books and television became popular.The book urges a common-sense approach that takes stock of the entire range of a child’s behavior. Frequent fighting, bad grades, and obsessive gaming can be signs for trouble.

Break Out

    Recent research from the University of Alberta shows that people clearly know the dangers of unhealthy habits, such as smoking or overeating. One reason why people have trouble quitting these behaviors is that they’ve become socially acceptable. Stop using your bad habits as a way to fit in or belong.

    Identify The Problem

    It’s trite but true. You can’t address an unhealthy habit until you admit you’ve got one in the first place–and that it’s having an impact on your body. Do you grab a candy or chocolate every time you pass a coworker’s desk or fritter away your gym time reading blogs? Take a moment to honestly evaluate the patterns in your life.

    Don’t Rationalize

    No one likes to be told what to do. As a result, we may try to rationalize unhealthy habits. For instance, you’ve heard a million times that smoking is bad for you, but you keep picking up the "death sticks" anyway because they help control your weight. If you want to get healthy, you’ve got to avoid this kind of defiant mentality.

    Be Specific

    Rather than just saying you want to eat better, get more specific. If you want to break an unhealthy habit, you’ve got to lay out exactly what it is you want to change. Try aiming to reduce how much red meat and fried food you eat and upping your daily intake of fruits and vegetables.

    Be Modest

    If your goals are too lofty, you’re doomed to fail at breaking an unhealthy habit. It’s much smarter to choose modest goals you know you can achieve, and then continue building on your success. Instead of saying you’re going to get up off the couch and exercise every day, start by aiming to hit the gym once or twice a week.

    Get Help

    Spouses, friends, co-workers and even pets can be great resources in helping you tackle an unhealthy habit. Buddying up can provide you with a cheerleader and will make you accountable to that person. If you’re looking to get more active, a pet waiting to be walked when you get home, for instance, can make sure you follow through.
    Check In

    Once you’ve started tackling an unhealthy habit, make sure you check in on your progress every now and then. If, after a few months, you find that you still have to spend a lot of time and energy working toward your goal, consider easing up and setting a more modest one.

    Look For Flexibility At Work

    If you want to keep up your healthy habits, consider looking for a job that offers workplace flexibility, including non-traditional hours and telecommuting options. New research from the Wake Forest University School of Medicine shows that people who have flexibility in their work lives have healthier lifestyles.Credit from Allison Van Dusen.

        A beach vacation usually conjures up images of lying on white sand relaxing not dicing with death but Forbes.com has come up with a list of the world’s most dangerous beaches.

Strong currents and deadly jellyfish are among the dangers that spring to mind but the biggest fear is sharks, according to Stephen P. Leatherman of the International Hurricane Research Center & Laboratory for Coastal Research in Miami."But in reality, you’ve got a better chance at winning the lottery than getting bitten," he told Forbes.com, adding that there were only 112 incidents globally of shark bites in 2007.Following is a list of the most dangerous beaches by category which was prepared by Forbes.com and focuses mainly on the United States. The list is not endorsed by Reuters:

1. Shark Attacks/Bites

New Smyrna Beach, Volusia County, Florida.

The were 112 incidents of shark-human "contact" in 2007, according to the International Shark Attack File released in March but only one resulted in a human fatality. New Smyrna, an inlet on the eastern coastline of Florida, had the most attacks, with 17 bites recorded.

2. Pollution:

Hacks Point Beach, Kent County, Md./Beachwood Beach West, Ocean County, N.J.

According to the National Research Defense Council, an environmental action group, these two beaches had the highest percentage of samples exceeding U.S. health standards in 2006.

3. Jellyfish Attacks:

Northern Australia

The coast of Northern Australia serves as a home to chironex fleckeri, also known as the box jellyfish, which has caused 60 deaths in the last 100 years, according the Center for Disease Control, Australia. While fatalities are rare, about 40 people are hospitalized each year in the Northern Territory. Last year, a 6-year-old boy died in the Tiwi Islands, north of Darwin.

4. Lightning:

Florida

Florida tops off the list as the most dangerous spot for lightning, according to the National Oceanic and Atmospheric Administration. Between 1997 and 2006, there were 71 deaths caused by lightning in Florida, more than any other state.

Popular beaches such as New Smyrna and Clearwater are often evacuated and then closed for days because of the threat of lightning.

5. Boating Accidents:

Florida

Data by county or beach is not available, but according to the U.S. Coast Guard’s Boating Safety Division, the state of Florida reported 633 boating accidents and 68 fatalities in 2006, the highest number of any state in the country with more people actively involved in boating in Florida.

6. Rip Current Drowning:

Brevard County, Florida

In 2007, 10 people drowned in Brevard County due to the rip current alone, according to the United States Life Saving Association.